Malware or no ?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have WinXP with SP2

On every startup, a file named "System.dll" (size 10,240 bytes)
is created in my windows default temp directory in a newly created
subdirectory named "nsxx.tmp" (xx = it varies). The creation date &
time reflects when it was placed in the temp sub directory on startup.
There is no other identification even viewing it with a hex viewer.

There are also 4-6 prefetch related entries like
       "\windows\prefetch\NS4.TMP-3A84D703.pf"
but putting them up in the hex viewer reveals nothing except they check
the standard system DLLs to hook various functions as obviously
whatever program it is needs them. I'm not experienced enough to ID
the program itself.

AdAware identifies it as "Adware Maxfiles". I have also tried HiJackThis and
many of the other recommeded malware detector/removers without luck.
My AVG free edition anti-virus program does not recognize it as a virus.

A google on it returns numerous hits describing it as malware but no
solutions other than what I've tried already.

Should I be worried about this ? Anyone familiar with it ? Suggestions ?

Bill Mudd



Re: Malware or no ?

wrote:

Quoted text here. Click to load it

If you Google system.dll Trojan you'll find descriptions of at least a
couple of different Trojans (Sophos and Symantec). One thing you
could do is to see if the descriptions match what's on your PC in the
way of other files the Trojans install. Anyway, I suspect a Trojan
that AVG is not detecting but other antivirus products will likely
detect and remove.

Try the KAVDOSNT download from my web site.

Art
http://home.epix.net/~artnpeg

Re: Malware or no ?

Quoted text here. Click to load it

heh

--
The first rule of optimisation: "Don't do it yet"
The second rule of optimisation: "I told you, don't do it yet"

Re: Malware or no ?

mcmudd_nospam@earthlink.net says...
Quoted text here. Click to load it
Hi Bill,

I'm the author of a malware removal tool known as BugHunter. It may
detect and remove the offending program for you. If it does not do so,
you are welcome to send me a sample of the file and I'll add its
signature to the pattern file.

--
Dustin
Author of BugHunter - MalWare Removal Tool
Current Version: 1.9.1 Released July 28th, 2006
Last Pattern Update: August 2nd, 2006
http://bughunter.it-mate.co.uk

Site Timeline